[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/, dev-libs/openssl/ - gentoo-commits

From:	Mike Gilbert <floppym@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/, dev-libs/openssl/
Date:	Tue, 05 Jul 2022 22:15:25
Message-Id:	`1657059318.db6f7217c034a620288ea0ef95227707c3fb55ea.floppym@gentoo`

1

commit:     db6f7217c034a620288ea0ef95227707c3fb55ea

2

Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jul  5 22:13:46 2022 +0000

4

Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>

5

CommitDate: Tue Jul  5 22:15:18 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db6f7217

7

8

dev-libs/openssl: add 3.0.5

9

10

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

11

12

 dev-libs/openssl/Manifest                          |   2 +

13

 .../openssl/files/openssl-3.0.5-test-memcmp.patch  |  22 ++

14

 dev-libs/openssl/openssl-3.0.5.ebuild              | 325 +++++++++++++++++++++

15

 3 files changed, 349 insertions(+)

16

17

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest

18

index 86edfb8addcb..d85b9ffd72e4 100644

19

--- a/dev-libs/openssl/Manifest

20

+++ b/dev-libs/openssl/Manifest

21

@@ -15,3 +15,5 @@ DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51

22

 DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace

23

 DIST openssl-3.0.4.tar.gz 15069605 BLAKE2B e8ef09d74aa128fee0ddc347458a41cde65af07a6e6836889a0230cd7989e46b5d10a4930eb7a63c0cf93485914ec33665d14637b6c27fd442c0e9becb2d2a86 SHA512 478cd801dc4787688e6d9062969ae738c24f869bb186f717ad3be54ae8f2630e5cd845c504efd3405ea1ecda07ebee00014cc6ef7bca9585a6240cf89d516557

24

 DIST openssl-3.0.4.tar.gz.asc 488 BLAKE2B 54f652ae78c6f39aef970fd7372808c876d37a823cc31431d770db67caf11342d1045992e393242d4c73253e4e16640dd9bd56203864394e907976918909e5dc SHA512 c30af3cda92b06cff864ed33c17d8dcb8c7d429ed8419f96d19d3049dfaa268c73ec7753815a134b069ae7f4ea20fb4bcdd04f86d33628592ce4500777494c85

25

+DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe

26

+DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be

27

28

diff --git a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch

29

new file mode 100644

30

index 000000000000..8fa03877581f

31

--- /dev/null

32

+++ b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch

33

@@ -0,0 +1,22 @@

34

+From 7f58de577c05ae0bbd20eee9b2971cfa1cd062c8 Mon Sep 17 00:00:00 2001

35

+From: Gregor Jasny <gjasny@××××××××××.com>

36

+Date: Tue, 5 Jul 2022 12:57:06 +0200

37

+Subject: [PATCH] Add missing header for memcmp

38

+

39

+CLA: trivial

40

+---

41

+ test/v3ext.c | 1 +

42

+ 1 file changed, 1 insertion(+)

43

+

44

+diff --git a/test/v3ext.c b/test/v3ext.c

45

+index 926f3884b138..a8ab64b2714b 100644

46

+--- a/test/v3ext.c

47

++++ b/test/v3ext.c

48

+@@ -8,6 +8,7 @@

49

+  */

50

+

51

+ #include <stdio.h>

52

++#include <string.h>

53

+ #include <openssl/x509.h>

54

+ #include <openssl/x509v3.h>

55

+ #include <openssl/pem.h>

56

57

diff --git a/dev-libs/openssl/openssl-3.0.5.ebuild b/dev-libs/openssl/openssl-3.0.5.ebuild

58

new file mode 100644

59

index 000000000000..56af5a262265

60

--- /dev/null

61

+++ b/dev-libs/openssl/openssl-3.0.5.ebuild

62

@@ -0,0 +1,325 @@

63

+# Copyright 1999-2022 Gentoo Authors

64

+# Distributed under the terms of the GNU General Public License v2

65

+

66

+EAPI=7

67

+

68

+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc

69

+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig

70

+

71

+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"

72

+HOMEPAGE="https://www.openssl.org/"

73

+

74

+MY_P=${P/_/-}

75

+

76

+if [[ ${PV} == 9999 ]] ; then

77

+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"

78

+

79

+	inherit git-r3

80

+else

81

+	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz

82

+		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"

83

+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"

84

+fi

85

+

86

+S="${WORKDIR}"/${MY_P}

87

+

88

+LICENSE="Apache-2.0"

89

+SLOT="0/3" # .so version of libssl/libcrypto

90

+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"

91

+RESTRICT="!test? ( test )"

92

+

93

+COMMON_DEPEND="

94

+	>=app-misc/c_rehash-1.7-r1

95

+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

96

+"

97

+BDEPEND="

98

+	>=dev-lang/perl-5

99

+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

100

+	test? (

101

+		sys-apps/diffutils

102

+		sys-devel/bc

103

+		sys-process/procps

104

+	)

105

+	verify-sig? ( sec-keys/openpgp-keys-openssl )"

106

+

107

+DEPEND="${COMMON_DEPEND}"

108

+RDEPEND="${COMMON_DEPEND}"

109

+PDEPEND="app-misc/ca-certificates"

110

+

111

+MULTILIB_WRAPPED_HEADERS=(

112

+	/usr/include/openssl/configuration.h

113

+)

114

+

115

+PATCHES=(

116

+	"${FILESDIR}"/${P}-test-memcmp.patch

117

+)

118

+

119

+pkg_setup() {

120

+	if use ktls ; then

121

+		if kernel_is -lt 4 18 ; then

122

+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"

123

+		else

124

+			CONFIG_CHECK="~TLS ~TLS_DEVICE"

125

+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"

126

+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"

127

+

128

+			linux-info_pkg_setup

129

+		fi

130

+	fi

131

+

132

+	[[ ${MERGE_TYPE} == binary ]] && return

133

+

134

+	# must check in pkg_setup; sysctl doesn't work with userpriv!

135

+	if use test && use sctp ; then

136

+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"

137

+		# if sctp.auth_enable is not enabled.

138

+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)

139

+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then

140

+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"

141

+		fi

142

+	fi

143

+}

144

+

145

+src_unpack() {

146

+	# Can delete this once test fix patch is dropped

147

+	if use verify-sig ; then

148

+		# Needed for downloaded patch (which is unsigned, which is fine)

149

+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}

150

+	fi

151

+

152

+	default

153

+}

154

+

155

+src_prepare() {

156

+	# Allow openssl to be cross-compiled

157

+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

158

+	chmod a+rx gentoo.config || die

159

+

160

+	# Keep this in sync with app-misc/c_rehash

161

+	SSL_CNF_DIR="/etc/ssl"

162

+

163

+	# Make sure we only ever touch Makefile.org and avoid patching a file

164

+	# that gets blown away anyways by the Configure script in src_configure

165

+	rm -f Makefile

166

+

167

+	if ! use vanilla ; then

168

+		PATCHES+=(

169

+			# Add patches which are Gentoo-specific customisations here

170

+		)

171

+	fi

172

+

173

+	default

174

+

175

+	if use test && use sctp && has network-sandbox ${FEATURES} ; then

176

+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."

177

+		rm test/recipes/80-test_ssl_new.t || die

178

+	fi

179

+

180

+	# - Make sure the man pages are suffixed (bug #302165)

181

+	# - Don't bother building man pages if they're disabled

182

+	# - Make DOCDIR Gentoo compliant

183

+	sed -i \

184

+		-e '/^MANSUFFIX/s:=.*:=ssl:' \

185

+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

186

+		-e $(has noman FEATURES \

187

+			&& echo '/^install:/s:install_docs::' \

188

+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \

189

+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \

190

+		Configurations/unix-Makefile.tmpl \

191

+		|| die

192

+

193

+	# Quiet out unknown driver argument warnings since openssl

194

+	# doesn't have well-split CFLAGS and we're making it even worse

195

+	# and 'make depend' uses -Werror for added fun (bug #417795 again)

196

+	tc-is-clang && append-flags -Qunused-arguments

197

+

198

+	# We really, really need to build OpenSSL w/ strict aliasing disabled.

199

+	# It's filled with violations and it *will* result in miscompiled

200

+	# code. This has been in the ebuild for > 10 years but even in 2022,

201

+	# it's still relevant:

202

+	# - https://github.com/llvm/llvm-project/issues/55255

203

+	# - https://github.com/openssl/openssl/issues/18225

204

+	# Don't remove the no strict aliasing bits below!

205

+	filter-flags -fstrict-aliasing

206

+	append-flags -fno-strict-aliasing

207

+

208

+	append-flags $(test-flags-CC -Wa,--noexecstack)

209

+

210

+	# Prefixify Configure shebang (bug #141906)

211

+	sed \

212

+		-e "1s,/usr/bin/env,${BROOT}&," \

213

+		-i Configure || die

214

+

215

+	# Remove test target when FEATURES=test isn't set

216

+	if ! use test ; then

217

+		sed \

218

+			-e '/^$config{dirs}/s@ "test",@@' \

219

+			-i Configure || die

220

+	fi

221

+

222

+	# The config script does stupid stuff to prompt the user. Kill it.

223

+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die

224

+	./config --test-sanity || die "I AM NOT SANE"

225

+

226

+	multilib_copy_sources

227

+}

228

+

229

+multilib_src_configure() {

230

+	# bug #197996

231

+	unset APPS

232

+	# bug #312551

233

+	unset SCRIPTS

234

+	# bug #311473

235

+	unset CROSS_COMPILE

236

+

237

+	tc-export AR CC CXX RANLIB RC

238

+

239

+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }

240

+

241

+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

242

+

243

+	local sslout=$(./gentoo.config)

244

+	einfo "Using configuration: ${sslout:-(openssl knows best)}"

245

+	local config="Configure"

246

+	[[ -z ${sslout} ]] && config="config"

247

+

248

+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features

249

+	local myeconfargs=(

250

+		${sslout}

251

+

252

+		$(use cpu_flags_x86_sse2 || echo "no-sse2")

253

+		enable-camellia

254

+		enable-ec

255

+		enable-ec2m

256

+		enable-sm2

257

+		enable-srp

258

+		$(use elibc_musl && echo "no-async")

259

+		enable-idea

260

+		enable-mdc2

261

+		enable-rc5

262

+		$(use fips && echo "enable-fips")

263

+		$(use_ssl asm)

264

+		$(use_ssl ktls)

265

+		$(use_ssl rfc3779)

266

+		$(use_ssl sctp)

267

+		$(use test || echo "no-tests")

268

+		$(use_ssl tls-compression zlib)

269

+		$(use_ssl weak-ssl-ciphers)

270

+

271

+		--prefix="${EPREFIX}"/usr

272

+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}

273

+		--libdir=$(get_libdir)

274

+

275

+		shared

276

+		threads

277

+	)

278

+

279

+	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"

280

+

281

+	# Clean out hardcoded flags that openssl uses

282

+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \

283

+		-e 's:^CFLAGS=::' \

284

+		-e 's:\(^\| \)-fomit-frame-pointer::g' \

285

+		-e 's:\(^\| \)-O[^ ]*::g' \

286

+		-e 's:\(^\| \)-march=[^ ]*::g' \

287

+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \

288

+		-e 's:\(^\| \)-m[^ ]*::g' \

289

+		-e 's:^ *::' \

290

+		-e 's: *$::' \

291

+		-e 's: \+: :g' \

292

+		-e 's:\\:\\\\:g'

293

+	)

294

+

295

+	# Now insert clean default flags with user flags

296

+	sed -i \

297

+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \

298

+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \

299

+		Makefile \

300

+		|| die

301

+}

302

+

303

+multilib_src_compile() {

304

+	# depend is needed to use $confopts; it also doesn't matter

305

+	# that it's -j1 as the code itself serializes subdirs

306

+	emake -j1 depend

307

+

308

+	emake all

309

+}

310

+

311

+multilib_src_test() {

312

+	# VFP = show subtests verbosely and show failed tests verbosely

313

+	# Normal V=1 would show everything verbosely but this slows things down.

314

+	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test

315

+}

316

+

317

+multilib_src_install() {

318

+	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)

319

+	dodir /usr

320

+

321

+	emake DESTDIR="${D}" install

322

+

323

+	# This is crappy in that the static archives are still built even

324

+	# when USE=static-libs. But this is due to a failing in the openssl

325

+	# build system: the static archives are built as PIC all the time.

326

+	# Only way around this would be to manually configure+compile openssl

327

+	# twice; once with shared lib support enabled and once without.

328

+	if ! use static-libs ; then

329

+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die

330

+	fi

331

+}

332

+

333

+multilib_src_install_all() {

334

+	# openssl installs perl version of c_rehash by default, but

335

+	# we provide a shell version via app-misc/c_rehash

336

+	rm "${ED}"/usr/bin/c_rehash || die

337

+

338

+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el

339

+

340

+	# Create the certs directory

341

+	keepdir ${SSL_CNF_DIR}/certs

342

+

343

+	# Namespace openssl programs to prevent conflicts with other man pages

344

+	cd "${ED}"/usr/share/man || die

345

+	local m d s

346

+	for m in $(find . -type f | xargs grep -L '#include') ; do

347

+		d=${m%/*}

348

+		d=${d#./}

349

+		m=${m##*/}

350

+

351

+		[[ ${m} == openssl.1* ]] && continue

352

+

353

+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"

354

+

355

+		mv ${d}/{,ssl-}${m} || die

356

+

357

+		# Fix up references to renamed man pages

358

+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die

359

+		ln -s ssl-${m} ${d}/openssl-${m} || die

360

+

361

+		# Locate any symlinks that point to this man page

362

+		# We assume that any broken links are due to the above renaming

363

+		for s in $(find -L ${d} -type l) ; do

364

+			s=${s##*/}

365

+

366

+			rm -f ${d}/${s}

367

+

368

+			# We don't want to "|| die" here

369

+			ln -s ssl-${m} ${d}/ssl-${s}

370

+			ln -s ssl-${s} ${d}/openssl-${s}

371

+		done

372

+	done

373

+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("

374

+

375

+	# bug #254521

376

+	dodir /etc/sandbox.d

377

+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl

378

+

379

+	diropts -m0700

380

+	keepdir ${SSL_CNF_DIR}/private

381

+}

382

+

383

+pkg_postinst() {

384

+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"

385

+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null

386

+	eend $?

387

+}

1	commit: db6f7217c034a620288ea0ef95227707c3fb55ea
2	Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jul 5 22:13:46 2022 +0000
4	Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5	CommitDate: Tue Jul 5 22:15:18 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db6f7217
7
8	dev-libs/openssl: add 3.0.5
9
10	Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
11
12	dev-libs/openssl/Manifest \| 2 +
13	.../openssl/files/openssl-3.0.5-test-memcmp.patch \| 22 ++
14	dev-libs/openssl/openssl-3.0.5.ebuild \| 325 +++++++++++++++++++++
15	3 files changed, 349 insertions(+)
16
17	diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
18	index 86edfb8addcb..d85b9ffd72e4 100644
19	--- a/dev-libs/openssl/Manifest
20	+++ b/dev-libs/openssl/Manifest
21	@@ -15,3 +15,5 @@ DIST openssl-3.0.3.tar.gz 15058905 BLAKE2B 8141d13dbea2f1febdd4e46aa404e9f3bac51
22	DIST openssl-3.0.3.tar.gz.asc 488 BLAKE2B 3f31e3a73706b69683220e05b1b4ddc75dc3e7e12652dca711e4aa0eb3c023ef736aee9ade15172d7f28e1e1af03e86d4854ec6c3d167cad42882f483c5e56d4 SHA512 04afe65c6af1ae43a9967462383a6a4f567f5acff19ec1952cd6fce2dc3c3d4dfb3cb54126562724c148f40dcb66668abf727282d35730bbf36f82b5c6bacace
23	DIST openssl-3.0.4.tar.gz 15069605 BLAKE2B e8ef09d74aa128fee0ddc347458a41cde65af07a6e6836889a0230cd7989e46b5d10a4930eb7a63c0cf93485914ec33665d14637b6c27fd442c0e9becb2d2a86 SHA512 478cd801dc4787688e6d9062969ae738c24f869bb186f717ad3be54ae8f2630e5cd845c504efd3405ea1ecda07ebee00014cc6ef7bca9585a6240cf89d516557
24	DIST openssl-3.0.4.tar.gz.asc 488 BLAKE2B 54f652ae78c6f39aef970fd7372808c876d37a823cc31431d770db67caf11342d1045992e393242d4c73253e4e16640dd9bd56203864394e907976918909e5dc SHA512 c30af3cda92b06cff864ed33c17d8dcb8c7d429ed8419f96d19d3049dfaa268c73ec7753815a134b069ae7f4ea20fb4bcdd04f86d33628592ce4500777494c85
25	+DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
26	+DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
27
28	diff --git a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
29	new file mode 100644
30	index 000000000000..8fa03877581f
31	--- /dev/null
32	+++ b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
33	@@ -0,0 +1,22 @@
34	+From 7f58de577c05ae0bbd20eee9b2971cfa1cd062c8 Mon Sep 17 00:00:00 2001
35	+From: Gregor Jasny <gjasny@××××××××××.com>
36	+Date: Tue, 5 Jul 2022 12:57:06 +0200
37	+Subject: [PATCH] Add missing header for memcmp
38	+
39	+CLA: trivial
40	+---
41	+ test/v3ext.c \| 1 +
42	+ 1 file changed, 1 insertion(+)
43	+
44	+diff --git a/test/v3ext.c b/test/v3ext.c
45	+index 926f3884b138..a8ab64b2714b 100644
46	+--- a/test/v3ext.c
47	++++ b/test/v3ext.c
48	+@@ -8,6 +8,7 @@
49	+ */
50	+
51	+ #include <stdio.h>
52	++#include <string.h>
53	+ #include <openssl/x509.h>
54	+ #include <openssl/x509v3.h>
55	+ #include <openssl/pem.h>
56
57	diff --git a/dev-libs/openssl/openssl-3.0.5.ebuild b/dev-libs/openssl/openssl-3.0.5.ebuild
58	new file mode 100644
59	index 000000000000..56af5a262265
60	--- /dev/null
61	+++ b/dev-libs/openssl/openssl-3.0.5.ebuild
62	@@ -0,0 +1,325 @@
63	+# Copyright 1999-2022 Gentoo Authors
64	+# Distributed under the terms of the GNU General Public License v2
65	+
66	+EAPI=7
67	+
68	+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
69	+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
70	+
71	+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
72	+HOMEPAGE="https://www.openssl.org/"
73	+
74	+MY_P=${P/_/-}
75	+
76	+if [[ ${PV} == 9999 ]] ; then
77	+ EGIT_REPO_URI="https://github.com/openssl/openssl.git"
78	+
79	+ inherit git-r3
80	+else
81	+ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
82	+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
83	+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
84	+fi
85	+
86	+S="${WORKDIR}"/${MY_P}
87	+
88	+LICENSE="Apache-2.0"
89	+SLOT="0/3" # .so version of libssl/libcrypto
90	+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
91	+RESTRICT="!test? ( test )"
92	+
93	+COMMON_DEPEND="
94	+ >=app-misc/c_rehash-1.7-r1
95	+ tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
96	+"
97	+BDEPEND="
98	+ >=dev-lang/perl-5
99	+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
100	+ test? (
101	+ sys-apps/diffutils
102	+ sys-devel/bc
103	+ sys-process/procps
104	+ )
105	+ verify-sig? ( sec-keys/openpgp-keys-openssl )"
106	+
107	+DEPEND="${COMMON_DEPEND}"
108	+RDEPEND="${COMMON_DEPEND}"
109	+PDEPEND="app-misc/ca-certificates"
110	+
111	+MULTILIB_WRAPPED_HEADERS=(
112	+ /usr/include/openssl/configuration.h
113	+)
114	+
115	+PATCHES=(
116	+ "${FILESDIR}"/${P}-test-memcmp.patch
117	+)
118	+
119	+pkg_setup() {
120	+ if use ktls ; then
121	+ if kernel_is -lt 4 18 ; then
122	+ ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
123	+ else
124	+ CONFIG_CHECK="~TLS ~TLS_DEVICE"
125	+ ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
126	+ ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
127	+
128	+ linux-info_pkg_setup
129	+ fi
130	+ fi
131	+
132	+ [[ ${MERGE_TYPE} == binary ]] && return
133	+
134	+ # must check in pkg_setup; sysctl doesn't work with userpriv!
135	+ if use test && use sctp ; then
136	+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
137	+ # if sctp.auth_enable is not enabled.
138	+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
139	+ if [[ -z "${sctp_auth_status}" ]] \|\| [[ ${sctp_auth_status} != 1 ]] ; then
140	+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
141	+ fi
142	+ fi
143	+}
144	+
145	+src_unpack() {
146	+ # Can delete this once test fix patch is dropped
147	+ if use verify-sig ; then
148	+ # Needed for downloaded patch (which is unsigned, which is fine)
149	+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
150	+ fi
151	+
152	+ default
153	+}
154	+
155	+src_prepare() {
156	+ # Allow openssl to be cross-compiled
157	+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config \|\| die
158	+ chmod a+rx gentoo.config \|\| die
159	+
160	+ # Keep this in sync with app-misc/c_rehash
161	+ SSL_CNF_DIR="/etc/ssl"
162	+
163	+ # Make sure we only ever touch Makefile.org and avoid patching a file
164	+ # that gets blown away anyways by the Configure script in src_configure
165	+ rm -f Makefile
166	+
167	+ if ! use vanilla ; then
168	+ PATCHES+=(
169	+ # Add patches which are Gentoo-specific customisations here
170	+ )
171	+ fi
172	+
173	+ default
174	+
175	+ if use test && use sctp && has network-sandbox ${FEATURES} ; then
176	+ einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
177	+ rm test/recipes/80-test_ssl_new.t \|\| die
178	+ fi
179	+
180	+ # - Make sure the man pages are suffixed (bug #302165)
181	+ # - Don't bother building man pages if they're disabled
182	+ # - Make DOCDIR Gentoo compliant
183	+ sed -i \
184	+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
185	+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
186	+ -e $(has noman FEATURES \
187	+ && echo '/^install:/s:install_docs::' \
188	+ \|\| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
189	+ -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
190	+ Configurations/unix-Makefile.tmpl \
191	+ \|\| die
192	+
193	+ # Quiet out unknown driver argument warnings since openssl
194	+ # doesn't have well-split CFLAGS and we're making it even worse
195	+ # and 'make depend' uses -Werror for added fun (bug #417795 again)
196	+ tc-is-clang && append-flags -Qunused-arguments
197	+
198	+ # We really, really need to build OpenSSL w/ strict aliasing disabled.
199	+ # It's filled with violations and it will result in miscompiled
200	+ # code. This has been in the ebuild for > 10 years but even in 2022,
201	+ # it's still relevant:
202	+ # - https://github.com/llvm/llvm-project/issues/55255
203	+ # - https://github.com/openssl/openssl/issues/18225
204	+ # Don't remove the no strict aliasing bits below!
205	+ filter-flags -fstrict-aliasing
206	+ append-flags -fno-strict-aliasing
207	+
208	+ append-flags $(test-flags-CC -Wa,--noexecstack)
209	+
210	+ # Prefixify Configure shebang (bug #141906)
211	+ sed \
212	+ -e "1s,/usr/bin/env,${BROOT}&," \
213	+ -i Configure \|\| die
214	+
215	+ # Remove test target when FEATURES=test isn't set
216	+ if ! use test ; then
217	+ sed \
218	+ -e '/^$config{dirs}/s@ "test",@@' \
219	+ -i Configure \|\| die
220	+ fi
221	+
222	+ # The config script does stupid stuff to prompt the user. Kill it.
223	+ sed -i '/stty -icanon min 0 time 50; read waste/d' config \|\| die
224	+ ./config --test-sanity \|\| die "I AM NOT SANE"
225	+
226	+ multilib_copy_sources
227	+}
228	+
229	+multilib_src_configure() {
230	+ # bug #197996
231	+ unset APPS
232	+ # bug #312551
233	+ unset SCRIPTS
234	+ # bug #311473
235	+ unset CROSS_COMPILE
236	+
237	+ tc-export AR CC CXX RANLIB RC
238	+
239	+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
240	+
241	+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
242	+
243	+ local sslout=$(./gentoo.config)
244	+ einfo "Using configuration: ${sslout:-(openssl knows best)}"
245	+ local config="Configure"
246	+ [[ -z ${sslout} ]] && config="config"
247	+
248	+ # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
249	+ local myeconfargs=(
250	+ ${sslout}
251	+
252	+ $(use cpu_flags_x86_sse2 \|\| echo "no-sse2")
253	+ enable-camellia
254	+ enable-ec
255	+ enable-ec2m
256	+ enable-sm2
257	+ enable-srp
258	+ $(use elibc_musl && echo "no-async")
259	+ enable-idea
260	+ enable-mdc2
261	+ enable-rc5
262	+ $(use fips && echo "enable-fips")
263	+ $(use_ssl asm)
264	+ $(use_ssl ktls)
265	+ $(use_ssl rfc3779)
266	+ $(use_ssl sctp)
267	+ $(use test \|\| echo "no-tests")
268	+ $(use_ssl tls-compression zlib)
269	+ $(use_ssl weak-ssl-ciphers)
270	+
271	+ --prefix="${EPREFIX}"/usr
272	+ --openssldir="${EPREFIX}"${SSL_CNF_DIR}
273	+ --libdir=$(get_libdir)
274	+
275	+ shared
276	+ threads
277	+ )
278	+
279	+ CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
280	+
281	+ # Clean out hardcoded flags that openssl uses
282	+ local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile \| LC_ALL=C sed \
283	+ -e 's:^CFLAGS=::' \
284	+ -e 's:\(^\\| \)-fomit-frame-pointer::g' \
285	+ -e 's:\(^\\| \)-O[^ ]*::g' \
286	+ -e 's:\(^\\| \)-march=[^ ]*::g' \
287	+ -e 's:\(^\\| \)-mcpu=[^ ]*::g' \
288	+ -e 's:\(^\\| \)-m[^ ]*::g' \
289	+ -e 's:^ *::' \
290	+ -e 's: *$::' \
291	+ -e 's: \+: :g' \
292	+ -e 's:\\:\\\\:g'
293	+ )
294	+
295	+ # Now insert clean default flags with user flags
296	+ sed -i \
297	+ -e "/^CFLAGS=/s\|=.*\|=${DEFAULT_CFLAGS} ${CFLAGS}\|" \
298	+ -e "/^LDFLAGS=/s\|=[[:space:]]*$\|=${LDFLAGS}\|" \
299	+ Makefile \
300	+ \|\| die
301	+}
302	+
303	+multilib_src_compile() {
304	+ # depend is needed to use $confopts; it also doesn't matter
305	+ # that it's -j1 as the code itself serializes subdirs
306	+ emake -j1 depend
307	+
308	+ emake all
309	+}
310	+
311	+multilib_src_test() {
312	+ # VFP = show subtests verbosely and show failed tests verbosely
313	+ # Normal V=1 would show everything verbosely but this slows things down.
314	+ emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
315	+}
316	+
317	+multilib_src_install() {
318	+ # We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
319	+ dodir /usr
320	+
321	+ emake DESTDIR="${D}" install
322	+
323	+ # This is crappy in that the static archives are still built even
324	+ # when USE=static-libs. But this is due to a failing in the openssl
325	+ # build system: the static archives are built as PIC all the time.
326	+ # Only way around this would be to manually configure+compile openssl
327	+ # twice; once with shared lib support enabled and once without.
328	+ if ! use static-libs ; then
329	+ rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a \|\| die
330	+ fi
331	+}
332	+
333	+multilib_src_install_all() {
334	+ # openssl installs perl version of c_rehash by default, but
335	+ # we provide a shell version via app-misc/c_rehash
336	+ rm "${ED}"/usr/bin/c_rehash \|\| die
337	+
338	+ dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
339	+
340	+ # Create the certs directory
341	+ keepdir ${SSL_CNF_DIR}/certs
342	+
343	+ # Namespace openssl programs to prevent conflicts with other man pages
344	+ cd "${ED}"/usr/share/man \|\| die
345	+ local m d s
346	+ for m in $(find . -type f \| xargs grep -L '#include') ; do
347	+ d=${m%/*}
348	+ d=${d#./}
349	+ m=${m##*/}
350	+
351	+ [[ ${m} == openssl.1* ]] && continue
352	+
353	+ [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
354	+
355	+ mv ${d}/{,ssl-}${m} \|\| die
356	+
357	+ # Fix up references to renamed man pages
358	+ sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} \|\| die
359	+ ln -s ssl-${m} ${d}/openssl-${m} \|\| die
360	+
361	+ # Locate any symlinks that point to this man page
362	+ # We assume that any broken links are due to the above renaming
363	+ for s in $(find -L ${d} -type l) ; do
364	+ s=${s##*/}
365	+
366	+ rm -f ${d}/${s}
367	+
368	+ # We don't want to "\|\| die" here
369	+ ln -s ssl-${m} ${d}/ssl-${s}
370	+ ln -s ssl-${s} ${d}/openssl-${s}
371	+ done
372	+ done
373	+ [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
374	+
375	+ # bug #254521
376	+ dodir /etc/sandbox.d
377	+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
378	+
379	+ diropts -m0700
380	+ keepdir ${SSL_CNF_DIR}/private
381	+}
382	+
383	+pkg_postinst() {
384	+ ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
385	+ c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
386	+ eend $?
387	+}

Gentoo Archives: gentoo-commits